--- title: Create Identity Provider (SAML) description: The sample shows the request with the type property set to SAML. In addition, this sample uses an expand filter in the request URL to show SAML attribute details. component: pingone-api page_id: pingone-api:platform:identity-provider-management/identity-providers/create-identity-provider-saml canonical_url: https://developer.pingidentity.com/pingone-api/platform/identity-provider-management/identity-providers/create-identity-provider-saml.html section_ids: headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Identity Provider (SAML) ## ```none POST {{apiPath}}/v1/environments/{{envID}}/identityProviders ``` The sample shows the request with the `type` property set to `SAML`. In addition, this sample uses an `expand` filter in the request URL to show SAML attribute details. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The `_embedded` attribute in the response lists the SAML attribute mapping resources associated with the new identity provider resource. This particular identity provider has only the default mapping, in which the PingOne `username` attribute is mapped to the `${samlAssertion.subject}` SAML attribute. | > **Collapse: Request Model** > > **SAML identity provider settings data model** > > | Property | Type | Required? | > | ----------------------------------------- | ------- | --------- | > | `authnRequestSigned` | Boolean | Required | > | `idpEntityId` | String | Required | > | `idpVerification.certificates[String].id` | String | Required | > | `sloBinding` | String | Optional | > | `sloEndpoint` | String | Optional | > | `sloResponseEndpoint` | String | Optional | > | `sloWindow` | String | Optional | > | `spEntityId` | String | Optional | > | `spSigning.algorithm` | String | Optional | > | `spSigning.key.id` | String | Optional | > | `ssoBinding` | String | Required | > | `ssoEndpoint` | String | Required | > > **SAML core attributes** > > | Property | Description | > | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | > | `username` | A string that specifies the core SAML attribute. The default value is `${samlAssertion.subject}` and the default update value is `EMPTY_ONLY`. | ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "name": "SAMLIdP", "description": "this is SAML IdP test", "type": "SAML", "enabled": false, "spEntityId": "sp-{$timestamp}", "idpEntityId": "idp-{$timestamp}", "sloWindow": 23, "sloResponseEndpoint": "https://slo.response.endpoint", "sloBinding": "HTTP_POST", "sloEndpoint": "https://slo.endpoint", "ssoBinding": "HTTP_POST", "ssoEndpoint": "https://idp.com/sso", "authnRequestSigned": "false", "idpVerification": { "certificates": [ { "id": "{{certID}}" } ] }, "spSigning": { "key": { "id": "{{spSigningID}}" } "algorithm": "SHA256withECDSA" } } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/identityProviders' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "name": "SAMLIdP", "description": "this is SAML IdP test", "type": "SAML", "enabled": false, "spEntityId": "sp-{$timestamp}", "idpEntityId": "idp-{$timestamp}", "sloWindow": 23, "sloResponseEndpoint": "https://slo.response.endpoint", "sloBinding": "HTTP_POST", "sloEndpoint": "https://slo.endpoint", "ssoBinding": "HTTP_POST", "ssoEndpoint": "https://idp.com/sso", "authnRequestSigned": "false", "idpVerification": { "certificates": [ { "id": "{{certID}}" } ] }, "spSigning": { "key": { "id": "{{spSigningID}}" } "algorithm": "SHA256withECDSA" } }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/identityProviders") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""name"": ""SAMLIdP""," + "\n" + @" ""description"": ""this is SAML IdP test""," + "\n" + @" ""type"": ""SAML""," + "\n" + @" ""enabled"": false," + "\n" + @" ""spEntityId"": ""sp-{$timestamp}""," + "\n" + @" ""idpEntityId"": ""idp-{$timestamp}""," + "\n" + @" ""sloWindow"": 23," + "\n" + @" ""sloResponseEndpoint"": ""https://slo.response.endpoint""," + "\n" + @" ""sloBinding"": ""HTTP_POST""," + "\n" + @" ""sloEndpoint"": ""https://slo.endpoint""," + "\n" + @" ""ssoBinding"": ""HTTP_POST""," + "\n" + @" ""ssoEndpoint"": ""https://idp.com/sso""," + "\n" + @" ""authnRequestSigned"": ""false""," + "\n" + @" ""idpVerification"": {" + "\n" + @" ""certificates"": [" + "\n" + @" {" + "\n" + @" ""id"": ""{{certID}}""" + "\n" + @" }" + "\n" + @" ]" + "\n" + @" }," + "\n" + @" ""spSigning"": {" + "\n" + @" ""key"": {" + "\n" + @" ""id"": ""{{spSigningID}}""" + "\n" + @" }" + "\n" + @" ""algorithm"": ""SHA256withECDSA""" + "\n" + @" }" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/identityProviders" method := "POST" payload := strings.NewReader(`{ "name": "SAMLIdP", "description": "this is SAML IdP test", "type": "SAML", "enabled": false, "spEntityId": "sp-{$timestamp}", "idpEntityId": "idp-{$timestamp}", "sloWindow": 23, "sloResponseEndpoint": "https://slo.response.endpoint", "sloBinding": "HTTP_POST", "sloEndpoint": "https://slo.endpoint", "ssoBinding": "HTTP_POST", "ssoEndpoint": "https://idp.com/sso", "authnRequestSigned": "false", "idpVerification": { "certificates": [ { "id": "{{certID}}" } ] }, "spSigning": { "key": { "id": "{{spSigningID}}" } "algorithm": "SHA256withECDSA" } }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/identityProviders HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "name": "SAMLIdP", "description": "this is SAML IdP test", "type": "SAML", "enabled": false, "spEntityId": "sp-{$timestamp}", "idpEntityId": "idp-{$timestamp}", "sloWindow": 23, "sloResponseEndpoint": "https://slo.response.endpoint", "sloBinding": "HTTP_POST", "sloEndpoint": "https://slo.endpoint", "ssoBinding": "HTTP_POST", "ssoEndpoint": "https://idp.com/sso", "authnRequestSigned": "false", "idpVerification": { "certificates": [ { "id": "{{certID}}" } ] }, "spSigning": { "key": { "id": "{{spSigningID}}" } "algorithm": "SHA256withECDSA" } } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{$timestamp}\",\n \"idpEntityId\": \"idp-{$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/identityProviders") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/identityProviders", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{$timestamp}\",\n \"idpEntityId\": \"idp-{$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}", }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/identityProviders', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: '{\n "name": "SAMLIdP",\n "description": "this is SAML IdP test",\n "type": "SAML",\n "enabled": false,\n "spEntityId": "sp-{$timestamp}",\n "idpEntityId": "idp-{$timestamp}",\n "sloWindow": 23,\n "sloResponseEndpoint": "https://slo.response.endpoint",\n "sloBinding": "HTTP_POST",\n "sloEndpoint": "https://slo.endpoint",\n "ssoBinding": "HTTP_POST",\n "ssoEndpoint": "https://idp.com/sso",\n "authnRequestSigned": "false",\n "idpVerification": {\n "certificates": [\n {\n "id": "{{certID}}"\n }\n ]\n },\n "spSigning": {\n "key": {\n "id": "{{spSigningID}}"\n }\n "algorithm": "SHA256withECDSA"\n }\n}' }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/identityProviders" payload = "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{$timestamp}\",\n \"idpEntityId\": \"idp-{$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}" headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/identityProviders'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "name": "SAMLIdP",\n "description": "this is SAML IdP test",\n "type": "SAML",\n "enabled": false,\n "spEntityId": "sp-{$timestamp}",\n "idpEntityId": "idp-{$timestamp}",\n "sloWindow": 23,\n "sloResponseEndpoint": "https://slo.response.endpoint",\n "sloBinding": "HTTP_POST",\n "sloEndpoint": "https://slo.endpoint",\n "ssoBinding": "HTTP_POST",\n "ssoEndpoint": "https://idp.com/sso",\n "authnRequestSigned": "false",\n "idpVerification": {\n "certificates": [\n {\n "id": "{{certID}}"\n }\n ]\n },\n "spSigning": {\n "key": {\n "id": "{{spSigningID}}"\n }\n "algorithm": "SHA256withECDSA"\n }\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/identityProviders") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{\\$timestamp}\",\n \"idpEntityId\": \"idp-{\\$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}" response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{$timestamp}\",\n \"idpEntityId\": \"idp-{$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/identityProviders")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/a9e4e181-f520-4e6e-af30-d3559781ad1b" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "attributes": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/a9e4e181-f520-4e6e-af30-d3559781ad1b/attributes" } }, "id": "a9e4e181-f520-4e6e-af30-d3559781ad1b", "type": "SAML", "name": "SAMLIdP", "description": "this is SAML IdP test", "enabled": false, "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "createdAt": "2019-06-17T17:20:12.294Z", "updatedAt": "2019-06-17T17:20:12.294Z", "_embedded": { "attributes": [ { "name": "username", "value": "${samlAssertion.subject}", "update": "EMPTY_ONLY", "id": "51a036c6-41ed-44f7-bd1d-eacaa2a1feab", "mappingType": "CORE", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "identityProvider": { "id": "a9e4e181-f520-4e6e-af30-d3559781ad1b" }, "createdAt": "2019-06-17T17:20:12.294Z", "updatedAt": "2019-06-17T17:20:12.294Z" } ] }, "authnRequestSigned": false, "sloWindow": 23, "sloResponseEndpoint": "https://slo.response.endpoint", "sloBinding": "HTTP_POST", "sloEndpoint": "https://slo.endpoint", "ssoEndpoint": "https://idp.com/sso", "ssoBinding": "HTTP_POST", "idpVerification": { "certificates": [ { "id": "123f67f8-c56c-4903-9c9b-c4b162e22789" } ] }, "spEntityId": "sp-1560792011", "spSigning": { "key": { "id": "11052663-a0c5-4788-8624-c88ee1aa26be" }, "algorithm": "SHA256withECDSA" }, "idpEntityId": "idp-1560792011" } ```